
Example 11 with ExtensionValue

use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.

the class XmlX509Certprofile method initSmimeCapabilities.

/**
 * Builds the SMIMECapabilities extension value from the profile configuration and stores it in
 * {@code smimeCapabilities}.
 *
 * <p>Nothing happens unless {@code extensionControls} has an entry for
 * {@code id_smimeCapabilities}. When it does, the OID is removed from {@code extnIds} before the
 * configuration is looked up, so it is removed even if no configuration is found.
 *
 * @param extnIds set of extension OIDs from which the S/MIME capabilities OID is removed
 * @param extensionsType extensions section of the profile, passed on to {@code getExtensionValue}
 * @throws CertprofileException declared by this method; presumably raised by the lookup or
 *     decoding helpers, which are not shown here
 */
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier extnOid = ObjectIdentifiers.id_smimeCapabilities;
    if (!extensionControls.containsKey(extnOid)) {
        return;
    }
    extnIds.remove(extnOid);

    final SMIMECapabilities configured = (SMIMECapabilities) getExtensionValue(extnOid, extensionsType, SMIMECapabilities.class);
    if (configured != null) {
        final List<SMIMECapability> entries = configured.getSMIMECapability();
        final ASN1EncodableVector capabilities = new ASN1EncodableVector();
        for (SMIMECapability entry : entries) {
            final ASN1ObjectIdentifier capabilityOid = new ASN1ObjectIdentifier(entry.getCapabilityID().getValue());
            final org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters xmlParams = entry.getParameters();

            // Parameters are optional: an integer is encoded directly, binary content is decoded
            // by readAsn1Encodable, and anything else leaves the parameters absent.
            ASN1Encodable asn1Params;
            if (xmlParams == null) {
                asn1Params = null;
            } else if (xmlParams.getInteger() != null) {
                asn1Params = new ASN1Integer(xmlParams.getInteger());
            } else if (xmlParams.getBase64Binary() != null) {
                asn1Params = readAsn1Encodable(xmlParams.getBase64Binary().getValue());
            } else {
                asn1Params = null;
            }
            capabilities.add(new org.bouncycastle.asn1.smime.SMIMECapability(capabilityOid, asn1Params));
        }

        final ASN1Encodable encoded = new DERSequence(capabilities);
        // Criticality is taken from the extension control, not from the capability configuration.
        smimeCapabilities = new ExtensionValue(extensionControls.get(extnOid).isCritical(), encoded);
    }
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) SMIMECapabilities(org.xipki.ca.certprofile.x509.jaxb.SMIMECapabilities) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) SMIMECapability(org.xipki.ca.certprofile.x509.jaxb.SMIMECapability) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 12 with ExtensionValue

use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.

the class AdmissionSyntaxOption method getExtensionValue.

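/**
 * Returns the Admission extension value, inserting the registration numbers supplied with the
 * certificate request where this option expects them.
 *
 * <p>When no input from the request is required, the stored {@code extensionValue} is returned
 * and the argument is ignored. Otherwise the argument must hold one list per configured
 * Admissions entry and, within it, one element per ProfessionInfo. An element is checked against
 * the configured pattern only where the ProfessionInfo has a registration number option without a
 * constant; elements at other positions are ignored.
 *
 * @param registrationNumbersList registration numbers from the request, indexed
 *     {@code [admissions][professionInfo]}
 * @return the extension value to put into the certificate
 * @throws BadCertTemplateException if the list is empty, a size does not match the configuration,
 *     or a required registration number is missing or does not match its pattern
 */
public ExtensionValue getExtensionValue(List<List<String>> registrationNumbersList) throws BadCertTemplateException {
    if (!this.inputFromRequestRequired) {
        return this.extensionValue;
    }
    if (CollectionUtil.isEmpty(registrationNumbersList)) {
        throw new BadCertTemplateException("registrationNumbersList must not be empty");
    }
    final int n = registrationNumbersList.size();
    if (n != this.admissionsList.size()) {
        throw new BadCertTemplateException("invalid size of Admissions in AdmissionSyntax: " + "is=" + n + ", expected=" + this.admissionsList.size());
    }

    // Validate the request-supplied registration numbers. newRegNumbersList mirrors the
    // [admissions][professionInfo] layout so the build loop below can index it with (i, j).
    List<List<String>> newRegNumbersList = new ArrayList<>(n);
    for (int i = 0; i < n; i++) {
        List<ProfessionInfoOption> pi = this.admissionsList.get(i).getProfessionInfos();
        List<String> registrationNumbers = registrationNumbersList.get(i);
        // A null inner list is treated as empty so it is rejected by the size check below
        // instead of failing with a NullPointerException.
        final int k = (registrationNumbers == null) ? 0 : registrationNumbers.size();
        if (k != pi.size()) {
            throw new BadCertTemplateException("invalid size of ProfessionInfo in Admissions[" + i + "], is=" + k + ", expected=" + pi.size());
        }
        List<String> newRegNumbers = new ArrayList<>(k);
        newRegNumbersList.add(newRegNumbers);
        for (int j = 0; j < k; j++) {
            RegistrationNumberOption option = pi.get(j).getRegistrationNumberOption();
            if (option == null || option.getConstant() != null) {
                // Keep position j occupied. Skipping the add would shift every later entry and
                // attach a validated number to the wrong ProfessionInfo (or run past the end).
                newRegNumbers.add(null);
                continue;
            }
            // NOTE(review): assumes an option without a constant always carries a pattern.
            Pattern regex = option.getRegex();
            String regNum = registrationNumbers.get(j);
            // matches() requires the whole value to match, not just a substring.
            if (regNum == null || !regex.matcher(regNum).matches()) {
                throw new BadCertTemplateException("invalid registrationNumber[" + i + "][" + j + "]: '" + regNum + "'");
            }
            newRegNumbers.add(regNum);
        }
    }

    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (int i = 0; i < this.admissionsList.size(); i++) {
        AdmissionsOption ao = this.admissionsList.get(i);
        List<ProfessionInfoOption> piList = ao.getProfessionInfos();
        ProfessionInfo[] pis = new ProfessionInfo[piList.size()];
        for (int j = 0; j < pis.length; j++) {
            ProfessionInfoOption pio = piList.get(j);
            int size = pio.getProfessionItems().size();
            DirectoryString[] professionItems = new DirectoryString[size];
            for (int k = 0; k < size; k++) {
                professionItems[k] = new DirectoryString(pio.getProfessionItems().get(k));
            }
            ASN1OctetString addProfessionInfo = null;
            if (pio.getAddProfessionalInfo() != null) {
                addProfessionInfo = new DEROctetString(pio.getAddProfessionalInfo());
            }
            RegistrationNumberOption regNumOption = pio.getRegistrationNumberOption();
            String registrationNumber = null;
            if (regNumOption != null) {
                if (regNumOption.getConstant() != null) {
                    registrationNumber = regNumOption.getConstant();
                } else {
                    registrationNumber = newRegNumbersList.get(i).get(j);
                }
            }
            // Indexed by j, the ProfessionInfo position. Using the Admissions index i here would
            // overwrite one slot repeatedly and leave the other slots null.
            pis[j] = new ProfessionInfo(pio.getNamingAuthority(), professionItems, pio.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]), registrationNumber, addProfessionInfo);
        }
        vec.add(new Admissions(ao.getAdmissionAuthority(), ao.getNamingAuthority(), pis));
    }
    return new ExtensionValue(critical, new AdmissionSyntax(admissionAuthority, new DERSequence(vec)));
}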
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Pattern(java.util.regex.Pattern) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) AdmissionSyntax(org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) Admissions(org.bouncycastle.asn1.isismtt.x509.Admissions) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) ProfessionInfo(org.bouncycastle.asn1.isismtt.x509.ProfessionInfo)

Example 13 with ExtensionValue

use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.

the class X509SelfSignedCertBuilder method addExtensions.

// method generateCertificate
/**
 * Copies every extension that the certificate profile produces into the certificate builder.
 *
 * <p>The profile is queried once via {@code getExtensions}; a {@code null} result means there is
 * nothing to add. Each extension is added with the criticality and value the profile returned.
 *
 * @param certBuilder builder that receives the extensions
 * @param profile certificate profile that decides which extensions are issued
 * @param requestedSubject subject as requested
 * @param grantedSubject subject as granted
 * @param extensions extensions passed through to the profile
 * @param requestedPublicKeyInfo public key passed through to the profile
 * @param publicCaInfo CA information passed through to the profile
 * @param notBefore start of validity passed through to the profile
 * @param notAfter end of validity passed through to the profile
 * @throws CertprofileException declared; presumably raised by the profile
 * @throws IOException declared; presumably raised when an extension cannot be added
 * @throws BadCertTemplateException declared; presumably raised by the profile
 */
private static void addExtensions(X509v3CertificateBuilder certBuilder, IdentifiedX509Certprofile profile, X500Name requestedSubject, X500Name grantedSubject, Extensions extensions, SubjectPublicKeyInfo requestedPublicKeyInfo, PublicCaInfo publicCaInfo, Date notBefore, Date notAfter) throws CertprofileException, IOException, BadCertTemplateException {
    final ExtensionValues profileExtensions = profile.getExtensions(requestedSubject, grantedSubject, extensions, requestedPublicKeyInfo, publicCaInfo, null, notBefore, notAfter);
    if (profileExtensions != null) {
        for (ASN1ObjectIdentifier oid : profileExtensions.getExtensionTypes()) {
            final ExtensionValue entry = profileExtensions.getExtensionValue(oid);
            final boolean critical = entry.isCritical();
            certBuilder.addExtension(oid, critical, entry.getValue());
        }
    }
}
Also used : ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) ExtensionValues(org.xipki.ca.api.profile.ExtensionValues) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 14 with ExtensionValue

use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.

the class XmlX509CertprofileUtil method buildConstantExtesions.

// method buildExtKeyUsageOptions
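/**
 * Collects the extensions whose value is configured as a constant, keyed by extension OID.
 *
 * <p>subjectAlternativeName, subjectInfoAccess and biometricInfo are always skipped, as is any
 * extension whose configured value is not a {@code ConstantExtValue}. The configured bytes are
 * parsed as ASN.1 and paired with the criticality configured on the extension. If the same OID is
 * configured more than once, the last entry wins.
 *
 * @param extensionsType extensions section of the profile, may be {@code null}
 * @return an unmodifiable map of constant extensions, or {@code null} if the argument is
 *     {@code null} or no constant extension is configured
 * @throws CertprofileException if a constant value is empty or cannot be parsed as ASN.1
 */
public static Map<ASN1ObjectIdentifier, ExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, ExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        // Reject a missing or empty value up front. A null array would fail with a
        // NullPointerException, and the parser returns null for empty input, which would hand a
        // null value to ExtensionValue.
        if (encodedValue == null || encodedValue.length == 0) {
            throw new CertprofileException("the constant extension value of " + oid.getId() + " is empty");
        }
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        ASN1Encodable value;
        try {
            // NOTE(review): only the first ASN.1 object is read; any bytes after it are not
            // examined here.
            value = parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        ExtensionValue extension = new ExtensionValue(m.isCritical(), value);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}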
Also used : ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 15 with ExtensionValue

use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.

the class XmlX509Certprofile method initRestriction.

/**
 * Builds the Restriction extension value from the profile configuration and stores it in
 * {@code restriction}.
 *
 * <p>Nothing happens unless {@code extensionControls} has an entry for
 * {@code id_extension_restriction}. When it does, the OID is removed from {@code extnIds} before
 * the configuration is looked up, so it is removed even if no configuration is found.
 *
 * @param extnIds set of extension OIDs from which the restriction OID is removed
 * @param extensionsType extensions section of the profile, passed on to {@code getExtensionValue}
 * @throws CertprofileException declared by this method; presumably raised by the lookup helper,
 *     which is not shown here
 */
private void initRestriction(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier extnOid = ObjectIdentifiers.id_extension_restriction;
    if (extensionControls.containsKey(extnOid)) {
        extnIds.remove(extnOid);
        final Restriction configured = (Restriction) getExtensionValue(extnOid, extensionsType, Restriction.class);
        if (configured != null) {
            // The configured string type selects the directory-string encoding of the text.
            final DirectoryStringType encoding = XmlX509CertprofileUtil.convertDirectoryStringType(configured.getType());
            final ASN1Encodable encodedText = encoding.createDirectoryString(configured.getText());
            // Criticality is taken from the extension control, not from the restriction entry.
            final boolean critical = extensionControls.get(extnOid).isCritical();
            restriction = new ExtensionValue(critical, encodedText);
        }
    }
}
Also used : Restriction(org.xipki.ca.certprofile.x509.jaxb.Restriction) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DirectoryStringType(org.xipki.ca.api.profile.DirectoryStringType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ExtensionValue (org.xipki.ca.api.profile.ExtensionValue)19 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)9 DERSequence (org.bouncycastle.asn1.DERSequence)7 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)6 CertprofileException (org.xipki.ca.api.profile.CertprofileException)6 ExtensionValues (org.xipki.ca.api.profile.ExtensionValues)5 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)4 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)4 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)4 BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)4 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)3 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)3 IOException (java.io.IOException)2 LinkedList (java.util.LinkedList)2 List (java.util.List)2